[messaging] Value of deniability

[Natanael]

> No, you're not listening to what I'm saying.  I'm fine with continuing
> to not sign things.  I'm not fine with introducing new primitives that
> are only useful in small edge cases and lying to ourselves about their
> utility.

Deniability isn't new. The utility is real, even though it might not be
obvious today.

> So, what you're saying here is "I don't care about security outcomes
> at all, I care about pushing a specific set of properties that I deem
> important because I know how to achieve them on users regardless of
> what I think they need".

I'm saying the exact reverse of what you interpret it as. I care only about
the security outcome, and THEREFORE I will not accept something that
increases the risk unnecessarily. Deniability isn't something you need to
push on people, most whatsapp users don't know axolotl now is under the
hood, or that it exists.

But I certain that dropping deniability (and I'm talking about provable
authencity vs not provable, unsigned messages is just fine if the integrity
can be preserved in transit to the intended recipient) will introduce
highly undesirable properties.

Deniability itself isn't what I care all that much about. Not putting
people at risk when it can be avoided is.

> Because it is indicative of the complete failure of this community to
> design for user outcomes, and if that isn't going to change, there's
> no point in even continuing to interact with y'all.

But you're now inherently assuming the circumstances won't change when your
last of desired properties have been implemented. That's what I've been
saying, your desired changes will introduce highly undesired changes in the
environment of the users.

A false sense of security is worse than no security. Don't assume the
attacks won't change, that's only going to cause harm.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141212/9a27a3f5/attachment.html>